The field of aviation safety focuses on understanding and applying risk management techniques. There is a significant concentration of rules, court records, accidents, and near-miss aviation incident investigations. On top of these are the lessons gained and the knowledge that has been shared: reports, data, and stats that combine to form a cognitive super vitamin that the aviation community employs to maintain the health and safety of its industry.

The aforementioned idea works. People view aviation as the safest mode of transportation because they have faith in it. Sadly, the community feels very exposed and helpless when it comes to cybersecurity. Its reputation is clouded by unavailable statistics, shadowy areas, and a lack of lessons learned from cyber incidents, among other things. Wouldn’t it be preferable if companies and organizations adopted the effective “how-to” of the aviation safety industry to raise their cybersecurity standards and the public’s trust in them?

The idea behind

The recent cyberattacks rekindled interest in a Board structure that may look into cyber occurrences among business, academia, and the US government. A workshop on developing a cyber incident investigation capacity modeled after the National Transportation Safety Board (NTSB) was organized in the spring of 2021. The most comprehensive set of aviation safety programs is thought to be the NTSB. It functions as an independent Federal agency that is tasked by Congress with looking into significant transportation incidents and accidents. To stop similar tragedies in the future, NTSB looks into the causes and makes safety recommendations.

The session looked at whether the cybersecurity industry could embrace aviation safety measures to strengthen its position. The final product was a report with significant findings highlighted, research topics noted, and a suggested road map of recommendations. According to the report’s findings, the cybersecurity sector lacks procedures and authoritative, impartial investigations with an emphasis on disseminating lessons learned from cyber disasters and fostering improvements.

Policymakers in the cybersecurity sector have pushed for the creation of a body that will look into cyberattacks and incidents, spot security flaws and breaches, and inform the public. The NTSB transportation safety paradigm is commonly utilized as an illustration from that standpoint because it gives the idea of body, maturity, and substance.

The “cyber NTSB” conceptual approach

The “Cyber NTSB” idea, which was conceived in 1991, was the subject of a four-month workshop with 70 top brains. Participants were presented with the same issue as described in the NSF 2014 Report: “A key issue in cyber security is a lack of reliable, consistently reported data regarding security events.” The absence of information makes it harder for others to draw lessons from these attacks and is causing priorities to be set incorrectly.

The workshop was built on the premise that the current cybersecurity safety system is insufficient and needs to be improved to match the standards set by the aviation safety sector. The participants found that information, knowledge, and wisdom are lacking in cybersecurity—not data, which is in abundance.

Key findings of the workshop

The workshop started off by looking at how a Board can be informed about incidents in order to decide if they warrant investigation.

Unlike aviation accidents, cyber incidents are not as violent as aeroplane disasters and are shrouded in secrecy because businesses are afraid of responsibility and tarnished brand reputations, making it harder to identify them.

According to the workshop’s conclusions:

  • By filling in the gaps between them, the Board can make effective use of the current reporting systems.
  • Although it is made clear that information sharing does not contravene antitrust rules, incentives for voluntary reporting are lacking in the cybersecurity and IT fields.
  • Individual reporting can increase the Board’s awareness, though others may view it as a sign of a company’s weakness and underinvestment in security.

With a sufficient reporting system in place, the question of which incidents need further investigation arose. The workshop made clear that the investigation process should be triggered by both quantitative and qualitative criteria. Additionally, it would be very helpful if the Board could look into trends as well as events: if it could monitor the cybersecurity environment, spot trends in attack patterns and common failures, and link effective defense techniques to these trends.

The steps for conducting a successful investigation were then looked at. What should be looked into, how should investigations go, and what methods should be employed? The Board found that:

  • Collaborative fact-finding and independent analysis are ideal. Similar to aircraft mishaps, a large number of parties provide expertise to the inquiry but are not included in the analysis or the final report.
  • Thorough research takes time, which adds value to the work. Deep and thorough inquiries aid in learning about the situation. It is important to examine the failures of the involved products, tools, and controls.
  • The NTSB’s independence enables the Board to assess regulators and laws.
  • It is crucial to publish incident and “near-miss incident” reports. The workshop came to the conclusion that the defender community frequently engages in situations they do not fully comprehend since there are no accurate data, records, and histories of cyber attacks that can be used to develop policies and reaction strategies based on what has occurred.
  • In order to improve the “learning and sharing” notion, the reporting system should use narratives and data, but it should distribute knowledge appropriately. There may be sensitive information that needs to be shared in a discreet manner, such as “pilots’ last remarks to families.”

The next steps

Aviation safety would undoubtedly be the top model if safety were a fashion show; she is delicate but strong, and time would only enhance her beauty. Whether cybersecurity can use the same runways as aviation safety is the challenge. The workshop demonstrated that it is achievable if everyone works together to integrate information to the highest level of security.

In order to do this, the workshop summarises key findings for additional research as well as a number of research issues on the adaptation of lesson learning systems from aviation. Finally, it makes a number of suggestions for the Cyber Safety Review Board (CSRB) and Congress to turn the concept of a “Cyber NTSB” into a reality: a body that can learn from failures and achievements and liberally share knowledge.